- Monero developers have discovered a bug that circumvents their privacy algorithm.
- Funds spent within 20 minutes of receiving tokens could bypass the privacy function.
- Monero built its reputation as a private cryptocurrency that preserves user anonymity.
Privacy coins are challenging the power of monetary circulation in lieu of the requisites of centralized institutions. Cryptocurrencies such as Monero and Zcash have been banned in certain sovereign states as they provide a layer of anonymity, which is sometimes absent from regular cryptocurrency transactions. Privacy coins retain the core values of digital anonymity, whilst primarily being attractive to cryptocurrency maximalists, rather than those advancing blockchain as a disruptive global tech.
The Bug That Made Monero Less Private
An imperfect or flawed code, particularly when sensitive information is transacted, leads to hollow assurances. Monero took to Twitter to announce that a developer discovered a “significant bug” in the code, which was invalidating Monero’s anonymity to a certain extent.
Monero specified that Justin Berman discovered the code issue which was influencing the blockchain’s decoy selection algorithm. Berman emphasized that he could find “next to 0 chance of selecting extremely recent outputs as decoys.”
According to the Monero announcement, the bug only influenced transactions that occurred in the last 2 blocks, as allowed by the consensus rule. Then, if any funds were to be spent during the fund entry interval, “the output can be identified as the true spend.”
A GitHub thread posted by Justin Berman highlights that any transaction created in the block, in which it is also spent with fewer than 100 outputs, reveals the “real output in the ring.” While the issue only affects a single type of transaction behavior, it still hinders a user’s ability to retain total anonymity.
On The Flipside
- A proposed bill that aims to tax crypto might not influence privacy token holders.
- Monero’s anonymity features provide an avenue into creating a thriving dedicated community.
- Data has already debunked the use of cryptocurrencies in illicit and illegal digital activities.
Patching Things up
While the bug shows true output, it only affects the user’s anonymity for a brief moment. As Monero highlighted, the bug shows the real output but “does not reveal anything about addresses or transaction amounts.” Still, as history shows us, such as with the Colonial Pipeline ransomware, any piece of information, no matter how small, can be used to break anonymity.
The bug is still existent within the wallet code, and Monero has communicated that users can bypass the nuisance “by waiting 1 hour or longer before spending their newly-received Monero.” Although this seems out of proportion, Monero emphasized that the solution is only temporary until a more permanent fix can be implemented. It is worth noting that Monero has underlined it does not intend to initiate a hard fork, but instead to patch the issue as a wallet update.
While hacks have become a constant in the cryptoverse, with THORChain falling victim to multiple attacks in recent times, Monero’s situation could easily be envied. In an addendum, Monero emphasized that only a tiny fraction of transactions will be affected, and the bug does not pose any threats to user funds.
Monero has ridden the momentum with other parts of the market, despite the unfavorable news, and joined Bitcoin in increasing by roughly 40% in value since the low on July 20th.